Infection Virus js fake warn-e (trj)

[Thanos]

ok je te prépare un petit script. En attendant un scan rapide d'un fichier à faire =>

 

Rend toi à cette adresse => VirusTotal - Free Online Virus, Malware and URL Scanner

 

Tu as une case nommée "Parcourir": tu cliques dessus et une fenêtre s'ouvre=> copie/colle ceci dans le champs à droite de "Nom du Fichier" en bas de page >> c:\windows\System32\shsvcs.dll

 

Clique maintenant sur "ouvrir" en bas de la fenêtre puis sur "Envoyer le fichier". Le scan de ce fichier va débuter. Tu n'as plus qu'à sélectionner puis copier /coller l'analyse dans ton prochain message.

Note: les fichiers uploadés sont mis en attente, car le virusscan est sollicité! patiente (un message t'indique le temps que ca prendra pour faire analyser)

 

Note: il arrive parfois que le fichier ait déjà été analysé. Si c'est le cas, clique sur le bouton Reanalyse file now

 

Edition: En attente du scan du fichier pour voir si je l'inclus dans le script

[keyronn]

Voilà l'analyse.Yavait un truc additional information j'ai mis show all et je lai mis ds le message je sais pas si c'est important.

 

File name:

shsvcs.dll

Submission date:

2010-09-19 19:57:59 (UTC)

Current status:

queued (#2) queued analysing finished

Result:

0/ 43 (0.0%)

 

 

Antivirus Version Last Update Result

AhnLab-V3 2010.09.19.00 2010.09.18 -

AntiVir 8.2.4.58 2010.09.18 -

Antiy-AVL 2.0.3.7 2010.09.19 -

Authentium 5.2.0.5 2010.09.19 -

Avast 4.8.1351.0 2010.09.19 -

Avast5 5.0.594.0 2010.09.19 -

AVG 9.0.0.851 2010.09.19 -

BitDefender 7.2 2010.09.19 -

CAT-QuickHeal 11.00 2010.09.18 -

ClamAV 0.96.2.0-git 2010.09.19 -

Comodo 6132 2010.09.19 -

DrWeb 5.0.2.03300 2010.09.19 -

Emsisoft 5.0.0.37 2010.09.19 -

eSafe 7.0.17.0 2010.09.17 -

eTrust-Vet 36.1.7862 2010.09.17 -

F-Prot 4.6.1.107 2010.09.19 -

F-Secure 9.0.15370.0 2010.09.19 -

Fortinet 4.1.143.0 2010.09.19 -

GData 21 2010.09.19 -

Ikarus T3.1.1.88.0 2010.09.19 -

Jiangmin 13.0.900 2010.09.19 -

K7AntiVirus 9.63.2552 2010.09.18 -

Kaspersky 7.0.0.125 2010.09.19 -

McAfee 5.400.0.1158 2010.09.19 -

McAfee-GW-Edition 2010.1C 2010.09.19 -

Microsoft 1.6201 2010.09.19 -

NOD32 5462 2010.09.19 -

Norman 6.06.06 2010.09.19 -

nProtect 2010-09-19.01 2010.09.19 -

Panda 10.0.2.7 2010.09.19 -

PCTools 7.0.3.5 2010.09.19 -

Prevx 3.0 2010.09.19 -

Rising 22.65.05.00 2010.09.18 -

Sophos 4.57.0 2010.09.19 -

Sunbelt 6896 2010.09.19 -

SUPERAntiSpyware 4.40.0.1006 2010.09.19 -

Symantec 20101.1.1.7 2010.09.19 -

TheHacker 6.7.0.0.024 2010.09.19 -

TrendMicro 9.120.0.1004 2010.09.19 -

TrendMicro-HouseCall 9.120.0.1004 2010.09.19 -

VBA32 3.12.14.0 2010.09.17 -

ViRobot 2010.9.18.4048 2010.09.19 -

VirusBuster 12.65.14.0 2010.09.19 -

 

 

 

 

Additional information

Show all

MD5 : 921d359c1168867b515c219acced9609

SHA1 : 7137083f643df4fb6cca0c4db2a522a276fbcf3f

SHA256: 10fabd7777b86b9c255cbad05b05626863f16f8e247a51bec00314eea5eef40b

ssdeep: 6144:F1X0pIHiK+cYVZ3XyfFkGPtO47JUPT9i5l:sKDYv8l

File size : 245248 bytes

First seen: 2009-02-26 23:45:06

Last seen : 2010-09-19 19:57:59

TrID:

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Windows Shell Services Dll

original name: SHSVCS.DLL

internal name: SHSVCS

file version.: 6.0.6000.16386 (vista_rtm.061101-2205)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

 

[[ basic data ]]

entrypointaddress: 0x70E7

timedatestamp....: 0x4549BDBE (Thu Nov 02 09:43:26 2006)

machinetype......: 0x14c (I386)

 

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x1DB0F, 0x1DC00, 6.43, c3b920956eb078a3150cf3f4174bf1db

.data, 0x1F000, 0xCA0, 0xC00, 1.14, aeb87930e8916d0893c738f90e0027ef

.rsrc, 0x20000, 0x1BBC0, 0x1BC00, 3.84, cc6848be54eefb8e68c023f58b15eedc

.reloc, 0x3C000, 0x15A8, 0x1600, 6.72, 007e6fdc4940076cc6234484529dc8d6

 

[[ 5 import(s) ]]

msvcrt.dll: _wcsnicmp, memmove, _except_handler4_common, _onexit, _lock, __dllonexit, _unlock, _adjust_fdiv, _amsg_exit, _initterm, free, malloc, _XcptFilter, memcpy, _purecall, _vsnwprintf, memset, __2@YAPAXI@Z, __3@YAXPAX@Z

ntdll.dll: NtQueryVolumeInformationFile, NtOpenThread, NtOpenThreadToken, RtlUnhandledExceptionFilter, NtReplyPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCompleteConnectPort, NtCreatePort, NtDuplicateToken, NtSetInformationThread, RtlInitializeCriticalSection, RtlNtStatusToDosError, RtlAllocateAndInitializeSid, NtOpenProcessToken, NtFilterToken, NtClose, RtlFreeSid, NtConnectPort, NtOpenProcess, NtOpenEvent, RtlInitUnicodeString, NtCreateEvent, NtQueryInformationProcess, NtQuerySystemInformation, RtlImageNtHeader, NtRequestWaitReplyPort, RtlDeleteCriticalSection

KERNEL32.dll: InterlockedIncrement, InterlockedDecrement, CreateEventW, WaitForSingleObject, Sleep, HeapCreate, HeapDestroy, SystemTimeToFileTime, GetLocalTime, GetTickCount, HeapAlloc, HeapFree, QueryPerformanceCounter, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, lstrcmpW, QueueUserWorkItem, SetEvent, LocalFree, lstrlenW, InterlockedExchange, GetCurrentThreadId, ResetEvent, RegisterWaitForSingleObject, LoadLibraryW, UnregisterWait, WaitForMultipleObjects, GetLastError, OpenProcess, GetCurrentProcess, DuplicateHandle, GetVersionExA, GetSystemDirectoryW, GetModuleHandleW, lstrcmpiW, GetFullPathNameW, GetModuleFileNameW, GetMailslotInfo, GetOverlappedResult, CancelIo, GetCurrentThread, CloseHandle, SetLastError, CreateMailslotW, GetCurrentProcessId, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, LoadLibraryA, InterlockedCompareExchange, FreeLibrary, GetProcAddress, DelayLoadFailureHook, DisableThreadLibraryCalls, UnmapViewOfFile, GetFileSize, MapViewOfFile, CreateFileMappingW, ReadFile, SetFilePointer, CreateFileW, LocalAlloc, ExpandEnvironmentStringsW, OpenEventW, ReadProcessMemory, VirtualFreeEx, WriteProcessMemory, VirtualAllocEx, QueueUserAPC, CompareStringW, DeviceIoControl, GetVolumePathNamesForVolumeNameW, FindClose, FindFirstFileW, GetPrivateProfileStringW, WritePrivateProfileStringW, GetFileAttributesW, GetVolumeInformationW, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW

ADVAPI32.dll: GetCurrentHwProfileW, CloseServiceHandle, GetSecurityInfo, GetAce, AllocateAndInitializeSid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, FreeSid, SetSecurityInfo, GetLengthSid, InitializeAcl, AddAccessAllowedAceEx, AddAccessAllowedAce, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegEnumValueW, RegDeleteValueW, RegOpenKeyExA, RegQueryValueExA, RegSetValueExW, RegQueryValueExW, EqualSid, GetTokenInformation, CryptVerifySignatureW, CryptHashData, CryptImportKey, CryptDestroyKey, CryptDestroyHash, RegEnumKeyExW, CryptReleaseContext, CryptAcquireContextW, CryptCreateHash, OpenSCManagerW, QueryServiceStatus, QueryServiceConfigW, DeleteService, ChangeServiceConfigW, SetServiceStatus, ChangeServiceConfig2W, CreateServiceW, RegisterServiceCtrlHandlerExW, EventWrite, EventEnabled, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegDeleteKeyW, OpenServiceW, CreateProcessAsUserW, SetThreadToken, RevertToSelf, ImpersonateLoggedOnUser, OpenProcessToken, OpenThreadToken, EventRegister, EventUnregister, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags

USER32.dll: GetSystemMetrics, CloseDesktop, SetThreadDesktop, GetThreadDesktop, OpenInputDesktop, UnregisterDeviceNotification, RegisterDeviceNotificationW, UnregisterUserApiHook

 

[[ 6 export(s) ]]

CreateHardwareEventMoniker, DllInstall, DllRegisterServer, DllUnregisterServer, HardwareDetectionServiceMain, ThemeServiceMain

[Thanos]

ok c'est bon voici donc le script =>

 

Rend toi sur cette page afin de télécharger le fichier CFScript => Download CFScript.txt from Sendspace.com - send big files the easy way

Clique sur le lien à droite de Download Link en bas de page et télécharge le fichier sur ton Bureau.

• Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe (keyronn.exe) comme sur la capture
  
  
• Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!
  Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt
  

Note: Le script proposé est adapté au cas de keyronn: Vous ne devez en aucun cas l'utiliser sur votre pc!

[keyronn]

Voilà les rapport

 

ComboFix 10-09-17.04 - sacha 20.09.2010 1:18.2.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.41.1036.18.2046.1197 [GMT 2:00]

Lancé depuis: c:\users\sacha\Desktop\keyronn.exe

Commutateurs utilisés :: c:\users\sacha\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

FILE ::

"c:\programdata\Google\Google Toolbar\Update\gtb4CCB.tmp.exe"

"c:\users\sacha\appdata\roaming\ohydy.exe"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\Google\Google Toolbar\Update\gtb4CCB.tmp.exe

c:\users\sacha\AppData\Local\rswldiuyr

c:\users\sacha\AppData\Local\Temp\jna21001.dll

c:\users\sacha\AppData\Local\tqdndfsvj

 

.

--------------- FCopy ---------------

 

c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll --> c:\windows\System32\shsvcs.dll

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_ManyCam

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-08-19 au 2010-09-19 ))))))))))))))))))))))))))))))))))))

.

 

2010-09-19 23:29 . 2010-09-19 23:29 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-09-19 23:29 . 2010-09-19 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-19 16:43 . 2010-09-19 16:43 -------- d-----w- c:\users\sacha\AppData\Roaming\Avira

2010-09-17 13:33 . 2010-08-17 11:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-09-17 13:33 . 2010-08-17 11:39 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-17 13:33 . 2010-09-17 13:33 -------- d-----w- c:\programdata\Avira

2010-09-17 13:33 . 2010-09-17 13:33 -------- d-----w- c:\program files\Avira

2010-09-10 23:43 . 2010-09-10 23:43 -------- d-----w- c:\users\sacha\AppData\Roaming\Malwarebytes

2010-09-10 23:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-10 23:43 . 2010-09-10 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-10 23:43 . 2010-09-10 23:43 -------- d-----w- c:\programdata\Malwarebytes

2010-09-10 23:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-10 19:53 . 2010-09-15 14:46 -------- d-----w- c:\program files\RomStation

2010-09-10 15:18 . 2010-09-10 15:18 -------- d-----w- c:\program files\trend micro

2010-09-10 13:31 . 2010-09-10 13:31 -------- d-----w- c:\program files\Microsoft Works

2010-09-10 13:31 . 2010-09-10 13:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-09-10 13:31 . 2010-09-10 13:31 -------- d-----w- c:\program files\Microsoft.NET

2010-09-09 17:37 . 2010-09-09 17:37 -------- d-----w- c:\users\sacha\Office Genuine Advantage

2010-09-09 17:14 . 2010-09-09 17:14 -------- d-----w- c:\programdata\Office Genuine Advantage

2010-09-05 09:40 . 2010-09-05 09:44 -------- d-----w- c:\users\sacha\AppData\Local\ManyCam

2010-09-03 14:09 . 2010-09-03 14:10 -------- d-----w- c:\windows\B4009EBB0818454FA6E8BBAAAEEF89E6.TMP

2010-09-02 17:22 . 2010-09-02 17:22 -------- d-----w- c:\users\sacha\AppData\Roaming\TI-Nspire

2010-09-02 17:16 . 2010-09-02 17:16 -------- d-----w- c:\users\sacha\AppData\Roaming\Texas Instruments

2010-09-02 17:14 . 2010-09-02 17:14 -------- d-----w- c:\programdata\SafeNet Sentinel

2010-09-02 17:13 . 2010-09-03 14:09 -------- d-----w- c:\program files\TI Education

2010-09-02 17:06 . 2010-09-02 17:21 -------- d-----w- c:\programdata\TI-Nspire CAS

2010-09-02 17:06 . 2010-09-03 14:13 -------- d-----w- c:\program files\Common Files\TI Shared

2010-09-02 14:51 . 2010-09-02 14:51 -------- d-----w- c:\programdata\FLEXnet

2010-09-02 14:31 . 2010-09-02 14:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2010-08-24 13:32 . 2010-09-19 16:47 -------- d-----w- c:\users\sacha\AppData\Roaming\Dropbox

2010-08-24 13:17 . 2009-09-17 07:12 303104 ----a-w- c:\windows\system32\CNC640L.dll

2010-08-24 13:17 . 2009-04-03 13:59 110592 ----a-w- c:\windows\system32\CNC640I.dll

2010-08-24 13:17 . 2009-04-03 14:00 1310720 ----a-w- c:\windows\system32\CNC640C.dll

2010-08-24 13:17 . 2009-04-03 13:57 106496 ----a-w- c:\windows\system32\CNC640U.dll

2010-08-24 13:17 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2010-08-24 13:15 . 2010-08-24 13:15 -------- d-----w- c:\program files\Common Files\CANON

2010-08-24 13:14 . 2010-08-24 13:14 -------- d--h--w- c:\programdata\CanonBJ

2010-08-24 13:14 . 2009-05-26 03:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA2.DLL

2010-08-24 13:14 . 2009-05-26 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA2.DLL

2010-08-24 13:13 . 2010-08-24 13:13 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2010-08-24 13:11 . 2009-05-26 03:00 272384 ----a-w- c:\windows\system32\CNMLMA2.DLL

2010-08-24 13:11 . 2009-03-18 05:09 178176 ----a-w- c:\windows\system32\CNMIUA2.DLL

2010-08-24 13:11 . 2010-08-24 13:11 -------- d--h--w- c:\program files\CanonBJ

2010-08-24 13:11 . 2010-08-24 13:11 -------- d-----w- c:\windows\system32\STRING

2010-08-24 13:11 . 2010-08-24 13:11 -------- d-----w- c:\windows\system32\CHM

2010-08-24 13:11 . 2009-04-03 12:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL

2010-08-24 13:11 . 2009-04-03 12:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL

2010-08-24 13:10 . 2010-08-24 13:20 -------- d-----w- c:\program files\Canon

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-19 23:29 . 2009-10-11 14:20 -------- d-----w- c:\users\sacha\AppData\Roaming\LimeWire

2010-09-19 16:50 . 2007-10-19 01:29 -------- d-----w- c:\program files\Common Files\Roxio Shared

2010-09-19 16:48 . 2010-02-03 16:29 -------- d-----w- c:\program files\Steam

2010-09-17 13:41 . 2010-02-03 16:29 -------- d-----w- c:\program files\Common Files\Steam

2010-09-15 20:06 . 2009-10-29 14:22 -------- d-----w- c:\programdata\Microsoft Help

2010-09-14 14:39 . 2009-11-10 19:23 -------- d-----w- c:\program files\Common Files\Adobe

2010-09-11 12:22 . 2009-10-11 14:18 -------- d-----w- c:\program files\LimeWire

2010-09-11 10:35 . 2009-11-07 08:57 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-10 23:43 . 2007-10-19 10:26 4877680 ----a-w- c:\windows\system32\perfh00C.dat

2010-09-10 23:43 . 2007-10-19 10:26 1523938 ----a-w- c:\windows\system32\perfc00C.dat

2010-09-10 13:51 . 2008-01-07 10:24 111984 ----a-w- c:\users\sacha\AppData\Local\GDIPFONTCACHEV1.DAT

2010-09-10 13:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild

2010-09-09 16:52 . 2009-11-07 08:49 -------- d-----w- c:\program files\Microsoft

2010-09-03 20:04 . 2010-06-24 09:35 1356 ----a-w- c:\users\sacha\AppData\Local\d3d9caps.dat

2010-09-03 14:10 . 2010-02-09 09:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-09-03 14:04 . 2010-08-18 23:40 -------- d-----w- c:\program files\Inkscape

2010-09-03 14:00 . 2010-08-18 23:56 -------- d-----w- c:\users\sacha\AppData\Roaming\inkscape

2010-09-03 13:53 . 2010-09-02 17:14 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll

2010-09-02 17:14 . 2010-09-02 17:14 16 ---h--w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\jxdqvvr.dll

2010-09-02 17:14 . 2010-09-02 17:14 120 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll

2010-09-02 17:14 . 2010-09-02 17:14 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll

2010-09-02 17:14 . 2010-09-02 17:14 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth1.dll

2010-09-02 17:14 . 2010-09-02 17:14 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth2.dll

2010-09-02 17:14 . 2010-09-02 17:14 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth1.dll

2010-08-30 12:34 . 2010-09-03 13:26 1496064 ----a-w- c:\users\sacha\AppData\Roaming\Mozilla\Firefox\Profiles\j9tmknvo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-08-30 12:33 . 2010-09-03 13:26 43008 ----a-w- c:\users\sacha\AppData\Roaming\Mozilla\Firefox\Profiles\j9tmknvo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-08-30 12:33 . 2010-09-03 13:26 338944 ----a-w- c:\users\sacha\AppData\Roaming\Mozilla\Firefox\Profiles\j9tmknvo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-08-30 12:33 . 2010-09-03 13:26 346112 ----a-w- c:\users\sacha\AppData\Roaming\Mozilla\Firefox\Profiles\j9tmknvo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-08-28 09:56 . 2010-08-28 09:56 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-08-28 09:56 . 2010-08-02 08:13 -------- d-----w- c:\program files\DivX

2010-08-28 09:56 . 2010-08-02 08:13 -------- d-----w- c:\programdata\DivX

2010-08-28 09:56 . 2010-08-28 09:56 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-08-28 09:56 . 2010-08-28 09:56 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe

2010-08-28 09:56 . 2010-08-28 09:56 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe

2010-08-28 09:55 . 2010-08-28 09:55 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe

2010-08-28 09:55 . 2007-10-19 01:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-08-28 09:55 . 2010-08-28 09:55 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe

2010-08-28 09:55 . 2010-08-28 09:56 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll

2010-08-28 09:55 . 2010-08-28 09:55 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-08-28 09:55 . 2010-08-02 08:19 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-08-28 09:55 . 2010-08-02 08:19 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll

2010-08-24 13:32 . 2010-08-24 13:32 89831 ----a-w- c:\users\sacha\AppData\Roaming\Dropbox\bin\Uninstall.exe

2010-08-20 16:25 . 2010-08-18 18:06 -------- d-----w- c:\users\sacha\AppData\Roaming\gtk-2.0

2010-08-17 10:14 . 2007-10-19 01:29 -------- d-----w- c:\program files\Roxio

2010-08-17 09:49 . 2010-03-30 09:08 -------- d-----w- c:\program files\VstPlugins

2010-08-08 17:19 . 2009-10-18 15:51 -------- d-----w- c:\users\sacha\AppData\Roaming\U3

2010-08-03 09:17 . 2007-10-19 01:25 -------- d-----w- c:\program files\Common Files\InstallShield

2010-08-03 09:17 . 2007-10-19 01:25 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-03 09:14 . 2007-10-19 01:47 -------- d-----w- c:\program files\Google

2010-08-02 12:14 . 2010-08-02 12:14 -------- d-----w- c:\program files\Megaupload

2010-08-02 12:13 . 2010-08-02 08:19 -------- d-----w- c:\users\sacha\AppData\Roaming\DivX

2010-08-02 08:29 . 2010-08-02 08:29 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-08-02 08:18 . 2010-08-02 08:18 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe

2010-08-02 08:18 . 2010-08-02 08:18 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe

2010-08-02 08:18 . 2010-08-02 08:18 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe

2010-08-02 08:18 . 2010-08-02 08:18 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-08-02 08:18 . 2010-08-02 08:18 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe

2010-08-02 08:18 . 2010-08-02 08:18 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe

2010-08-02 08:18 . 2010-08-02 08:18 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe

2010-08-02 08:18 . 2010-08-02 08:18 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe

2010-08-02 08:18 . 2010-08-02 08:18 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe

2010-08-02 08:18 . 2010-08-02 08:18 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-08-02 08:17 . 2010-08-02 08:17 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-08-02 08:17 . 2010-08-02 08:17 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe

2010-08-02 08:16 . 2010-08-02 08:16 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe

2010-07-07 12:58 . 2010-07-07 12:58 122752 ----a-w- c:\windows\system32\drivers\tinspusb.sys

2008-01-07 11:45 . 2008-01-07 11:45 22 --sha-w- c:\windows\SMINST\HPCD.sys

2007-10-19 10:49 . 2007-10-19 10:31 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\sacha\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\sacha\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\sacha\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-10-12 1232896]

"CollaborationHost"="c:\windows\system32\p2phost.exe" [2006-11-02 191488]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-19 1006264]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-09-25 54672]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-10 198160]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]

 

c:\users\sacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\sacha\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Users^sacha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]

path=c:\users\sacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk

backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 135664]

R3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-07-07 122752]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-11 691696]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-09-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 14:48]

 

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 17:44]

 

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 17:44]

 

2010-09-19 c:\windows\Tasks\User_Feed_Synchronization-{473F17EE-6575-468D-BDEE-A5607DEEAC72}.job

- c:\windows\system32\msfeedssync.exe [2010-09-06 04:56]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://eu.ask.com?o=16170&l=dis

mWindow Title =

uInternet Settings,ProxyServer = http=127.0.0.1:6092

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\sacha\AppData\Roaming\Mozilla\Firefox\Profiles\j9tmknvo.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://fr.google.mozilla.com/firefox?client=firefox-a&rls=com.google:fr:official

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKfox000&ptb=LiGvGkBPSK2Duzu3p0ga0g&psa=&ind=2010033009&ptnrS=ZKfox000&si=&st=kwd&n=77ceab71&searchfor=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\sacha\AppData\Roaming\Mozilla\Firefox\Profiles\j9tmknvo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-20 01:32

Windows 6.0.6000 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(2708)

c:\users\sacha\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\WUDFHost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

.

**************************************************************************

.

Heure de fin: 2010-09-20 01:40:56 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-09-19 23:40

ComboFix2.txt 2010-09-19 16:41

 

Avant-CF: 95'271'518'208 octets libres

Après-CF: 94'962'122'752 octets libres

 

- - End Of File - - F477A46F687C9422EFFF5735587FDA92

[Thanos]

ok c'est tout bon: comment fonctionne le pc à présent ?

[keyronn]

Ca a l'air d'aller pour le moment. Juste une chose je désactive windows defender ou pas?

 

J'espère que cette fois je n'aurai plus de problème.

[Thanos]

salut

 

Juste une chose je désactive windows defender ou pas?

Tu peux le conserver si tu veux pour protéger le pc Je n'utilise personnellement qu'Antivir en résident et MalwareBytes comme scan d'appoint.

 

Désinstalle ComboFix comme ceci =>

 

• Passe par le Menu Démarrer > Exécuter ( pour cela utilise la combinaison de touches [Touche Windows]+[R]) et copie/colle ceci =>
   
  ComboFix /uninstall (il y a un espace entre x et / si tu recopies la commande manuellement)
   
  
• Une fenêtre va s'ouvrir et ComboFix sera désinstallé de ton pc et la restauration système sera purgée.

 

Tu peux aussi supprimer DSS

 

J'espère que cette fois je n'aurai plus de problème.

J'espère aussi Si tu as le moindre souci, tu n'hésite pas.

 

@ +

[keyronn]

Ok ca marche

 

 

A+